Episode 329 of The CyberJungle is about 33 minutes long. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Atola Insight is an all-in-one hard drive data recovery and forensic system. It offers complex data retrieval functions along with utilities for manually accessing hard drives at the lowest level. Atola Insight has several key features for data capture in forensic and e-discovery cases. Find out more at Atola.com

Episode 242 of The CyberJungle is about 25 minutes long. You can hear it by clicking on the flash player below. The interview with Sean Morrissey of Katana Forensics begins at about 13min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Forensic innovator Jonathan Grier has developed tools that use statistical analysis of file access data to reconstruct timelines. According to Mr. Gerier, his method can be used to determine what, if data was exfiltrated from the system. Read more in: Detecting data theft using stochastic forensics.

Episode 186:

This week’s regular episode of The Cyberjungle is 27 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

Tales from the Dark Web

Our Take on This Week’s News

Throwing Salt on A Data Breach Wound- Imagine this: Business has proprietary info potentially worth millions, stolen by an employee. Employee is caught, and during the court trial, the very proprietary info stolen could be revealed again in a public court trial. Get the details, and a link to the case

Episode 175:

This week’s regular episode of The Cyberjungle is 1 hour and 25 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

Interview

Lance Spitzner from the SANS “Securing the Human” project joins us to discuss the final (and largest) hole in network security. It’s the users, stupid. Millions of hours and billions of brain cells have been spent securing computers and networks. The job will never be done until we secure the humans. Our interview with Lance is about 5 minutes long, and it starts about 25 minutes into the show. Lance’s blog posting with slides from his presentation at SANS Las Vegas.

Tales from the Dark Web

Our Take on This Week’s News

Teacher fired for posting a blog that included references to various students.The article in the Austin Statesman is unclear, but the reader comments help us piece together the story. Apparently this teacher, who was last year’s teacher of the year, wrote a blog on which she contemplated how to approach teaching challenges presented by some of her individual students. Her mistake was probably posting photos. One comment indicates that she did not identify any of the students by name. We are inclined to blame the administration for failure to make clear the policies regarding federal student privacy laws (FERPA).

“Respondent May NOT Use Internet in Any Manner to Communicate About Petitioner Ever Again.” An order handed down in a divorce case. The question on the Volokh Conspiracy is whether the order in constitutional. (Remember free speech?) You can’t libel someone, and maybe you can be gagged during litigation, but the government can’t permanently keep you from trashing your ex.

Lawyers heart Facebook! Best not to post photos of yourselflooking healthy and robust on Facbook if you’re in litigation for a personal injury. A judge has ordered the private portions of plaintiff’s Facebook are discoverable, since the public portions suggest she’s having more fun that she claims her physical condition permits.

U.S. Cybercommand proposing an internet “safe zone” for government and such critical industries as utilities and banking. A super-safe segregated network might raise as many questions as it answers. Read various versions below for a variety of angles.

Citibank announced today a major flaw in its iPhone/iPad banking app. The app leaves account information on the device. What is this bad? Well, iPhone/iPad/iOS does not support whole disc encryption.

At last month’s Gartner Security and Risk Conference in DC, I sat next to a Senior Executive with one of the larger anti-virus companies. According to this executive, the company wants to make and sell a whole disc crypto product, but Apple will not open its API (application program interface) to support whole disc encryption.

Citi iPhone App

Today’s announcement by Citibank about a flaw in their app, comes as little surprise. While this particular flaw can be fixed with an update, the fact remains: The foundation is sitting on shifting sands. The iOS is first and foremost a consumer media platform. It has a great bright interface, and plays music and videos really well. It has a great eBook reader. But, these devices were not and are not built with security and privacy at their foundation.

When you mistype a word, iOS saves, it, unencrypted. When you use a map, iOS saves it, unencrypted. When info is “erased.” the platform saves it, unencrypted. As a forensic analysis, the iOS is a boon to uncovering information that the owner of the device would be shocked to learn can be discovered.

I am realistic. Many people are gaga for every device Apple makes. To borrow a phrase: “If Apple took a brick and called it an iPhone you would still want it.” For these people, buying a smartdevice is all about being trendy and the purchase is almost all based upon emotions. I doubt that anything they read about poor security on the iOS will change their behavior.

For others, I suggest “Think Different.” Resist the temptation to use an unprotected consumer device for business. Use your iPhone/iPad as a media device, and use Blackberries (with the Blackberry Enterprise Server), for business use. It looks like the industry will release business-oriented slate devices to compete with iPad. That may turn out to be smarter for business use.

Until Apple addresses the underlying security issues in the platform, it’s a safe prediction that we will hear other stories about security flaws hurting iOS users.

Interview Segments:

Interview – Laptop security – it’s part psychology, part technology. Dr. Larry Ponemon from the Ponemon Institute shares his research on laptop theft. The interview is about ten minutes long, and it starts about 54 minutes into the show.

Interview – David Thompson is co-author of Wild West 2.0, a book that explains what’s happening as the wild web matures, and becomes civilized. The book takes a historical approach, by drawing parallels between the internet and the wild American frontier, and the disruptions to society as “gentrification” occured — and newbies began to inhabit those spaces.

Event Announcement- Sierra Nevada Infragard

Get smart about smart phone policy in the workplace:

The InfraGard Sierra Nevada Members Alliance is holding its summer meeting on Thursday, July 15, 2010, on the topic of an urgent workplace hazard: Employee-Owned Smartphones—Accessing Workplace Email and Data. A panel of data security and legal experts will cover the technology, human resource, and legal issues related to smartphones in the workplace.

Our Take on This Week’s News

America is riddled with politically motivated surveillance,or so reports the American Civil Liberties Union. Here’s the ACLU report on police infiltration and monitoring of citizen activity in 33 states and the District of Columbia.

Best Buy tries to fire employee for satire. The employee was worked three years selling mobile phones for Best Buy. But the company didn’t appreciate it when its mobile phone expert created a video poking fun at the irrational appetite for iPhone. WARNING: Do not listen to this at work without headphones; potty mouth alert!

Voice mail hacking – an example of an app that allows CallerID spoofing. Anyone can get into many voice mail accounts without a password, and can listen to messages, alter settings, or even create a new voice mail greeting.

The government of India has ordered Skype, RIM (Blackberry) and Google to provide a way for its security agencies to intercept messages. Why is this important? Two reasons: 1) we all do business with India in some indirect fashion. Someone you are doing business with is doing business with companies in India. 2) Giving a back door to the Indian government is, in effect, giving it to the world. The companies have 15 days to comply with the order or be banned from doing business in India.

The accused Russian Spies had an interesting bag of tricks that included the use of steganography. That’s the art and science of hiding messages in plain site, by embedding the information in the text of another document, or in a photo or a piece of art. It’s not just a tool for spies. You, too, can use steganography to protect your privacy.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall. The shows don’t always display on chronological order on Odeo.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

Award-winning Sunbelt Network Security Inspector a scalable and effective vulnerability scanner. Windows IT Pro Magazine readers chose SNSI as their Favorite Vulnerability Scanner for two years in a row. Read more here, and contact Data Clone Labs for a test drive.